[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
From: Francis Dupont <Francis.Dupont@point6.net>
Date: Mon, 31 Jul 2006 14:07:32 +0200
Cc: "Christian Huitema" <huitema@windows.microsoft.com>, "shim6-wg" <shim6@psg.com>, "Iljitsch van Beijnum" <iljitsch@muada.com>
In-reply-to: Your message of Mon, 31 Jul 2006 09:59:53 +0300. <b6eee7b7d94dd9a8cb19a615524b238b@it.uc3m.es>

 In your previous mail you wrote:

   >    there is no general any-to-any mechanism to prove address ownership
   >    using IPsec which is what is provided by CGA/HBA,
   >
   > => I strongly disagree: we don't need such a mechanism because IPsec
   > is based on mutual authentication which is a stronger property than
   > what is provided by CGA/HBA.

   but in order to do that you need or a shared secret or an PKI right?

=> yes but this is not the subject of my answer: you argued IPsec
doesn't provide the right service, I argued it provides it and
perhaps (surely in fact) a lot of other services. The way IPsec can
(cannot in fact) be used is another topics.

Regards

Francis.Dupont@point6.net

Follow-Ups:
- Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by Date: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Previous by thread: Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by thread: Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Index(es):
- Date
- Thread